Technology

Digital identity revolution?

The technology behind bitcoin could beef up online security

In the online world, user IDs and passwords are an annoying fact of life. Websites we frequently visit often require us to divulge sensitive personal information, and the lock and key that protects this information is a unique user ID and password.

But recent, high-profile hacking scandals such as the Equifax attack, in which millions of users’ personal data was compromised, have increased calls for a revolution in digital identification. And many experts believe the “blockchain”—the technology behind the digital currency known as bitcoin—will provide the means for such a revolution.

The blockchain is a decentralized, distributed online ledger that records digital transactions such as the exchange of bitcoins. It uses cryptography and an internetwide network of computers to solve a long-standing problem in computer science: How to establish trust between two parties over an untrusted network.

Blockchain technology could enable what is being called “self-sovereign identity,” in which your digital identity would be stored on your smartphone or computer in an “identity wallet.” Unlike today’s user IDs and passwords, which are shared by both you and a given website, your identity wallet would hold digital credentials that function as proof of identification, and only you would have the key to the wallet.

Writing at IBM’s Think Blog, Jerry Cuomo, vice president for blockchain technologies at IBM, offered the example of a car loan: Today, “Sam” would have to fill out a loan application and provide the bank with his personal information. But what the bank really wants to know is if Sam can afford the car and be trusted to pay back the loan. With a self-sovereign identity, it’s no longer necessary for Sam to divulge his personal info to prove his creditworthiness.

“If Sam’s employer [participates] in the blockchain identity network, the employer can attest that Sam is employed with them and makes more than $50,000 a year,” explained Cuomo. Since Sam’s employer as well as other banks with which he does business are on the network, Sam can give them his consent to validate his loan application, which can then be issued with minimal information.

“Using this process not all personal information needs to be shared, such as his exact salary, instead, the network validates that it is above a certain threshold,” wrote Cuomo.

Initiatives to create open-source platforms for self-sovereign identities include projects such as Evernym and Microsoft Azure.

But simplifying the blockchain-based identity for the average user will be the key to its success, wrote technology analyst Martin Kuppinger in Computer Weekly. He noted that the easier a site is to access, the faster users give up privacy considerations: “Sovereign-identity solutions would therefore have to be structured just as simply to be of interest to everyday users on a large scale.”